1. Introduction

This is the Privacy Policy of meshMD Inc. To provide our services, we collect personal information about you and, if you are a healthcare provider, about the patients you serve using our services. Protecting that information is fundamental to how we do business. This Privacy Policy describes our current privacy practices and our commitment to comply with applicable rules and regulations.

This Privacy Policy describes our privacy practices. It does not describe the privacy practices of the healthcare providers to which we provide services.

If you are an individual using our services through a healthcare provider, the healthcare provider’s privacy policy governs our collection, use and disclosure of your personal information (whether we obtain it from you or from your healthcare provider) on its behalf, the consent that you provide to your healthcare provider in relation to that personal information applies to our use of it on your healthcare provider’s behalf, and we may collect, use and disclose that personal information in accordance with that healthcare provider’s privacy policy.

If you have questions about a healthcare provider’s privacy policy, you should contact that healthcare provider directly.

If you are an individual who wishes to use our services directly, or if you initially used our services through a healthcare provider but wish to continue to use our services after ceasing to use that healthcare provider, this Privacy Policy applies to our use of your personal information (whether we obtain it from you or from your healthcare provider).

Please read this Privacy Policy carefully so that you understand how we safeguard your personal information. By using our services, you agree to the terms of this Privacy Policy. This includes ensuring that you (and, if applicable, your authorized employees and agents) adhere to the practices identified below to help maintain the privacy and security of the personal information you provide to us.

We reserve the right to change this Privacy Policy at any time, and in our sole discretion. Any such change will not have retroactive effect – it will only apply from and after the stated effective date. If we make any such change, we will notify you in advance at the email address you provide in your registration information (it is your responsibility to ensure that such email address is current, and attended). If you do not agree with the change, you can cancel your account with us without further obligation, except for the amount due for the balance of the billing period in which you cancel your account (for example, if your billing period is monthly, we will prorate your account to the nearest month-end after your cancellation). Unless otherwise specified, any change to this Privacy Policy will be effective immediately upon the stated effective date of the change, and if no effective date is stated, upon the date that is 30 days after the posting of the change on our website. Your continued use of our services after the effective date will constitute your acceptance of such change. If you do not agree to any changes to this Privacy Policy, you must stop using our services.

​2. Scope And Definitions

This Privacy Policy applies to all personal information, including personal health information, that is collected by meshMD Inc. from your or on your behalf.

“Personal information” means information that refers specifically and identifiably to an individual, or that could be used to identify an individual when combined with other information. For example, an individual’s name and date of birth are personal information. This Privacy Policy applies to personal information that you provide to us whether it is about you or is about a third party (for example, if you are a healthcare provider, personal information includes information we collect on your behalf from your patients).

“Personal health information” has the meaning given to it by applicable law (if any), and in any event includes information about an individual that (i) relates to the physical or mental health of the individual (including information that consists of the health history of the individual’s family), (ii) relates to the providing of healthcare to the individual (including the identification of a person as a provider of healthcare to the individual), or (iii) relates to payments or eligibility for healthcare, or eligibility for coverage for healthcare, in respect of the individual. For example, personal health information includes information about an individual’s health, the healthcare services the individual receives, payments for healthcare services for the individual and the individual’s health card number, and messages between an individual and a healthcare provider.

3. Certain Applicable Legislation

In Ontario, meshMD Inc. is subject to Ontario’s Personal Health Information Protection Act, 2004 (the “PHIPA”). Under PHIPA, when we provide services to Ontario healthcare providers and they or their patients provide personal health information to us in relation to those services, we act as an “agent” under PHIPA to that healthcare provider (in that healthcare provider’s capacity as a health information custodian under PHIPA).

We also provide services to healthcare providers in other jurisdictions, and in the course of providing those services may collect personal information, including personal health information, from them in order to provide services to them. Our collection, use and disclosure of that personal information are subject to all applicable laws.

We also provide services to individuals directly, and in the course of providing those services may collect personal information, including personal health information, from those individuals in order to provide services to them. Our collection, use and disclosure of that personal information are also subject to all applicable laws.

4. Our Collection And Use Of Your Personal Information

We collect personal information to provide you with services and support, establish contractual relationships and process payments. For example, we require your name and email address in order to provide you with access to our website. We will only ask you to provide the information required to complete your request or improve your service. You can always choose not to disclose information, but this may make it impossible for us to provide you with a particular service.

In some cases, we collect and use information provided by healthcare providers about their patients to provide services to the healthcare provider. As described above, we use this information to assist the healthcare provider in the provision of healthcare. A plain-language description of the services we provide to healthcare providers is available on our website at https://wellx.ca/terms/privacy.

In other cases, we collect and use information provided by individuals to provide them with services related to their healthcare. This can be information we collect on behalf of the individual’s healthcare provider (for example, personal information provided to us by a patient after being invited by a healthcare provider to use our services), or it can be information we collect from the individual for use in our delivery of services directly to the individual, on his or her own behalf. For example, we collect your name, email address and other demographic information to create your account.

To provide, maintain and improve our services, we also collect monitoring and auditing data in order to analyze, support and improve our services. For example, we may automatically track certain information about your visits to our website, such as your geographic location, computer type and the site from which you discovered us. We aggregate and/or anonymize this data before using or disclosing it. We do not collect personal health information for these purposes.

“Cookies” are small files placed on your hard drive that assist us in providing our services. We use cookies to provide you with a smooth, efficient, safe and customized experience. For example, cookies are used to allow you to enter your password less frequently during a session.

Please see our Terms of Use for information on what we do to personal information when you terminate your account with us.

5. Our Disclosure Of Your Personal Information

We will not sell, lease or trade your personal information to any third parties.

If you are an individual using our services, we may disclose your personal information to the healthcare providers to which you give access to that personal information in the course of using our services. For example, if you request or establish a relationship with a healthcare provider on our services, we will disclose your name and demographic information to that healthcare provider for their records.

We may from time to time use the services of affiliates, subsidiaries and unrelated service providers in the operation of our services, and may disclose your personal information to them in the course of our use of their services. For example, we may use the services of third-party hosting companies. This may involve the hosting of data, including personal information, on servers operated by those hosting companies. We take care to use only service providers that we believe are reputable and able to live up to our and your expectations, including about the handling of personal information.

We cooperate with law enforcement inquiries and demands for information that are made under force of law. Therefore, we may disclose your personal information (a) to any governmental authority as part of an investigation to determine our compliance with any applicable law, rule, or regulation (including privacy laws, rules, and regulations), (b) in response to a court order, subpoena, discovery request, or other lawful judicial or administrative proceeding, or (c) as otherwise required under any applicable law, rule, or regulation.

We may also disclose personal information to the acquirer or its agents in the course of the sale of our business. If we do this, the disclosure will be subject to confidentiality arrangements customary in such transactions.

Finally, please note that in some cases, information (not including personal health information) that we collect may be stored or processed outside of Canada. For example, when we send you an email or text message, we rely on services located in the United States of America. In such cases, we continue to protect the information with appropriate safeguards, but it may be subject to the legal jurisdiction of those countries and governmental authorities in those countries.

6. Protecting Your Personal Information

We use practices and policies to protect your privacy and the security of your personal information when we are using, storing, and disclosing it as described in this Privacy Policy. These practices and policies include:

Limiting access to only those personnel who require the information to provide our services. We provide training to our personnel in compliance with our privacy practices. Unauthorized access, use and disclosure of personal information by our personnel is strictly prohibited, including disclosing information to a third party, family member or friend or using the information for personal benefit.

Retaining your personal information only as long as required to provide services to you or to comply with applicable laws. Specific retention periods vary depending on the nature of the information.

Encrypting your personal information when it is stored or transferred offsite and protecting our servers and other unencrypted storage with physical security.

Protecting our servers, databases and networks with state-of-the-art firewalls and encryption technology, including TLS/SSL, the industry standard for website encryption and security.

7. Deleting And Returning Personal Information

When your personal information is no longer required to provide you and/or those patients and healthcare providers with whom you have shared information with services, we will destroy or delete your information according to our standard security practices and in accordance with our terms of use. Some logging and auditing information may be retained at our discretion; in addition, all of your information may not be deleted immediately (for example, we retain automated backups for a period of time to assist in disaster recovery). At your request, we will provide you with a copy of your information prior to deletion.

8. Your Responsibilities

As a user of our services, you agree that you will adhere to the best practices described below to safeguard your personal information. If you are a healthcare provider, you also agree to ensure that your employees and agents adhere to these practices to protect your information and your patients’ information.

Specifically, you agree to:

Use your own personal email address and password when accessing our services. Do not share your password with any other person.

Provide personal information to us using only the following methods: (a) through our secure website, (b) by fax, with an attached Confidential Fax cover page, or (c) by phone, if required for support purposes. Email is not a secure method for transmitting personal information.

Maintain your software, devices and networks as required to ensure security. For example, you should apply software updates and use anti-virus or security software as applicable to your device.

Notify us immediately of any change to your personal or account information that may impact the security and privacy of personal information (for example, staffing, phone number and email address changes).

Notify us immediately of any privacy or security breach that may impact our service (for example, if your email account or password has been compromised).

Not attempt to circumvent any of our practices, policies or technical safeguards for the protection of personal information, or to aid another person in doing so.

9. Access And Accuracy

You have the right to access and verify the personal information associated with your account. Access requests should be directed in writing to our Chief Privacy Officer, using the address provided at the end of this policy. We will respond to your request within thirty days.

We will not provide patients with access to information that we collect or use on behalf of their healthcare provider and that would not generally be accessible to a patient user through the use of our services. Requests for access to this information should be directed to the applicable healthcare provider, who may in turn request the information from us.

If you identify inaccuracies in our personal information, we will make an appropriate change in accordance with your instructions. If we are unable to change your information and you disagree with our decision, we will note your opinion in your file.

10. Withdrawing Consent

We respect your right to withdraw consent to the collection, use and disclosure of your personal information, subject to legal and contractual restrictions and reasonable notice. Upon receipt of a consent directive from an individual or their authorized representative, we will act on your instruction and, if applicable, inform the appropriate health information custodian of the implications. Withdrawing consent for the collection and use of your personal information may limit our ability to provide you with services.

11. Concerns And Interpretation

You should direct any questions or concerns about our policy and practices and any access or correction requests to our Chief Privacy Officer: